[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PGP timeline FAQ... comments requested
There seems to be much confusion amongst some of the newer users of
PGP who frequent alt.security.pgp, and recently whilst delving in to
give my version of how it happened my post got longer and longer,
until it grew on the spur of the moment into a sort of FAQ. I got a
few comments, and corrections from that post, but I thought there are
likely to be people who know more annecdotes and were around at the
time that RSA was being published in the face of NSA opposition, etc.
Let me have your comments on the accuracy, plus any annecdotes which
you think really should go in to give the correct feel for the
historical timeline.
Thanks,
Adam
======================================================================
PGP timeline and brief history
======================================================================
contents:
0 Definitions of acronyms
1 History of crypto as it applies to PGP
2 Birth of PGP
3 USG decides they don't like PRZ
4 PRZ, MIT and RSA sort out earlier patent issues
5 Current legal status
6 ITARs viewed from inside the US
7 ITARs viewed from outside the US
======================================================================
0 definitions of acronyms
======================================================================
PGP = Pretty Good Privacy
PRZ = Phil R Zimmermann, internet folk hero, author of PGP
RSA = The RSA public key algorithm as used in PGP
RSADSI = rsa.com, RSA Data Security Inc, patent holders of some public
key stuff, which they claim means that no one can use RSA without
getting a license from them.
PKP = public key partners RSADSI plus Cylink (plus others?) (now disbanded)
ITAR = International Traffic in Arms Regulations controls export of
controlled munitions from the US, things like military
aircraft components, biological and chemical weapons, and also
(very strangely) cryptographic software.
PK = public key (crypto)
NSA = US National Security Agency, US govt's largest spook agency.
whimsically known as No Such Agency, because until recently the US
govt tried to deny they even existed.
OTDC = Office of Defense Trade Controls, USG group charged with
enforcing ITAR. They consult with the NSA, the NSA has the
last word on what gets export approval.
======================================================================
1 History of crypto as it applies to PGP
======================================================================
1.1 The year is 1976 a cryptographer, and privacy advocate named
Whitfield Diffie, together with mathematician named Martin Hellman
discovers public key cryptography. (DH key exchange is still a
commonly used key exchange protocol -- DH = Diffie-Hellman).
1.2 1977 Ron Rivest, Adi Shamir, and Len Adleman discover another more
general public key system called RSA (after surnames Rivest,
Shamir, and Adleman). R, S & A were researchers at MIT
(significant later, because MIT had part ownership of patents.)
1.3 NSA tells MIT and R, S & A that they'd better not publish this or else.
1.4 Amusingly Adi Shamir (A from RSA) isn't even a US citizen, he's an
Israeli national, and is now back in Israel at the Technicon (is
he, anyone know his current affiliation?) Who knows what the NSA
would have done about him if they had succeeded in supressing RSA
- not allowed him out of the US?
1.5 MIT and R, S & A ignore NSA and publish anyway in SciAm July
1977. Comms ACM (feb 1978, vol 21, no 2, pp 120-126 in case
you want to see if it's in your library - it's in Exeter Univ
(UK) library).
1.6 Because the publication was a rush job due to the NSA, R,S & A
and the later formed PKP and RSADSI lose patent rights
to RSA crypto outside the US. This is because most places
outside the US, you have to obtain a patent *before*
publication, where as in the US, you have one year from the
publication date to file for patents. This also had implications for
PGP later
1.7 IDEA was developed by Xuejia Lai and James Massey at ETH in Zurich.
(Relevant to PGP because IDEA is the symmetric key cipher used
together with RSA in PGP). Also crypto politics relevance in
that it is another (of many) examples of the fact that crypto
knowledge and expertise is worldwide, ie why export restrict
something which is available both sides of the ITAR fence, or
even originated *outside* it? (Strangely, ITAR applies to
importing and then re-exporting a crypto system, even if no
modifications are made). There are lots of other symmetric key
ciphers, IDEA is one with a good reputation (no known practical
attacks better than brute-force to date, and a good key size), and
is just referenced here because of its use in PGP.
(some years pass...)
======================================================================
2 Birth of PGP
======================================================================
2.1 PRZ wrote PGP
2.2 PRZ gave PGP to some friends
2.3 some friends up loaded onto a few bulletin boards (US only)
One friend (allegedly Kelly Goen) went around pay-phones with a
portable, an acoustic coupler, and a list of BBS phone numbers
uploading and then driving on to another area. This cloak and
dagger stuff was because at the time the USG had some draconian
sounding proposed law on the books which sounded like it was
going to outlaw crypto. The intention was to ensure that PGP was
available before this law came into effect, and to avoid being
stopped if the USG took interest.
2.4 somehow PGP leaked outside the US via the internet. Information
wants to be free, as someone said: `trying to control the free
flow of information on the internet is like trying to plug a
sieve with a hole in it'. Also Tim May's quote 'National borders are
just speedbumps on the information superhighway' expresses the
point very nicely.
2.5 people all over the world (yeah outside the US too) start using PGP
2.6 RSA complains to PRZ that PGP violates their PK patents
2.7 PRZ tells RSA to get stuffed, says its the users problem to get a license
2.8 PGP is considered potentially patent infringing because of 2.6
2.9 Illegality taint increases the spread of PGP, generates news, more
people get a copy to see what the fuss is about
(some time passes, PGP gets real popular...)
======================================================================
3 USG decides they don't like PRZ
======================================================================
3.1 US govt decides that they don't like PRZ because the NSA can't
tap all those internet mail messages anymore. (the NSA part is
speculation, but in my opinion likely true).
3.2 US govt begins investigating PRZ for alleged aiding with ITAR
violation.
3.3 Phil Zimmermann legal defense fund set up to cover his legal
expenses
3.4 still on going...
(concurrently...)
======================================================================
4 PRZ, MIT and RSA sort out earlier patent issues
======================================================================
4.1 MIT and PRZ work with RSA to sort out patent issue.
4.2 A solution is obtained in that RSA agree that PGP can use RSA
provided that their RSAREF library is used.
4.3 PGP2.5 is written which uses RSAREF in place of MPILIB (also
has backwards compatibility with older versions impaired to discourage
use of older allegedly patent infringing versions - to keep RSA happy)
4.4 RSAREF may be slower, but at least with some negotiating by PRZ
and MIT, PGP is now 100% legal in the US
4.5 MIT begins acting as official US distributor of PGP
4.6 As usual, a few milli-seconds (well okay, minutes) after the
official release of a new version of PGP, it gets exported from
the US.
4.7 The deal with RSA over RSAREF has fixed the patent related
problems in the US, but it has created a copyright related
problem outside the US, (recall 0.6). RSAREF is a software
package copyrighted by RSA, and RSA is not allowed to export it
because of ITAR, and their license agreement says as much (ie it
says that you must not export it, and if you do export, you, and
the subsequent users of it, are in breach of license). It is
therefore supposed that RSA could if they wanted complain about
this (who knows that they would want to, or what conceivable
benefit it would give them if they did). This isn't enough to
bother most people, but commercial users, and big organisations
have lawyers, and are wary of such things.
4.8 Staale Schaumaker put together pgp26i to avoid this problem. Main
difference between pgp26x and pgp26xi is that pgp26xi uses PRZs
original big integer library MPILIB, which is any case faster than
RSADSI's RSAREF, and the lack of the legal kludge noted in 3.3.
======================================================================
5 Current legal status
======================================================================
5.1 PGP is legal both inside and outside the US. You just need to use
pgp26 versions inside the US, and pgp26xi versions outside the US.
5.2 In the US if you are using PGP in a commercial setting, and care
about patents, you should purchase a copy of ViaCrypt pgp2.7
5.3 Commercial use outside the US: RSA is free, in the PGP docs (pgp262i
& pgp262) Ascom-Tech are quoted as saying that currently no license
is required for commercial use of PGP outside the US as far as they
are concerned. Ascom-Tech are the patent holders of IDEA (see
1.7), the symmetric crypto system used by PGP.
======================================================================
6 ITARs viewed from inside the US
======================================================================
6.1 ITAR means that if you are in the US you should not export PGP.
(Yeah it's already available on a few thousand ftp sites around the
free world, so another export isn't going to make any difference, but
the NSA and the ODTC might not see it in that light).
6.2 Even though controlling the export of freeware software available
worldwide might seem incredibly stupid (not to mention
pointless), you should bear in mind that the penalties for
getting successfully prosecuted for violating ITAR are rather
steep. Up to $1,000,000 (US$) fine, and and up to10 years
imprisonment per count of export.
6.3 They'd probably never do anything to you, PRZ is just a scape goat
(someone they can symbolically persecute to discourage others).
I have personally seen several people from US sites post crypto
source and binaries (nautilus, PGP itself even). Plus of course
this:
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)
has probably been exported a few hundred thousand times by now.
(It's an implementation of RSA encrypt and decrypt in perl and dc
- a real crypto system, which has every right to claim ITAR
status if anyting does, and yet benefits from being more
convienient to use as a .sig than a uuencoded PGP binary)
======================================================================
7 ITARs viewed from outside the US
======================================================================
7.3 If you are outside the US, ITAR probably doesn't apply to you.
You could, if you could be bothered, down load PGP from a
US site, and short of attempting an extradition for violating a
regulation which only applies in the US, there would be nothing
the NSA, or USG could do about it. Most extradition treaties tend
to rely on the action being prosecuted being illegal in both
countries.
7.4 Yeah, I know `tell that to Manuel Noriega' (a Panama citizen who
was kidnapped by a USG undercover agents and brought to the US to
face trial for importing/exporting drugs from Panama into the US.
He broke no Panamanian laws, he is a citizen of Panama, and was in
Panama when he committed his crime, and he is now languishing in
a US jail).
However, he was kidnapped for a number of reasons:
1. the USG thought they could get away with it (Panama owed
them a few favours)
2. politically easy to pass of acts of aggression (kidnap by
civilised countries in this day and age?) in the name of
the `War on Drugs'
3. they thought it was worth it.
Some of these criteria are likely to be missing if there was an
attempt to extradite a non-US citizen outside the US for breaking
ITAR. One big problem is that crypto is not controlled as much
in most of the free world. Also the fact that the USG haven't
bothered other people within the US who have similarly exported
crypto software (examples cited in 6.3) would make the whole
situation look rather silly.
7.5 A more important consideration is that although a non-US
downloader of PGP from a US site would be effectively immune to
the ITAR nonsense, the owner of the (US based) ftp/www site may
not be. You might get the site owner in trouble for not taking
adequate precautions. So politeness demands that you don't do
it.
7.6 Indeed why bother anyway, because PGP is available from
literally thousands of ftp sites, there is bound to be a closer
(and hence likely faster download) copy, without any hoops to
jump though.
======================================================================
Long live the Pretty Good revolution,
Adam Back <[email protected]>